🔒️ Use keyring to store random private key

.github/workflows/ci.yml

@@ -24,6 +24,9 @@ jobs:
       - uses: actions/checkout@v4
       - run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }}
 
+      # For keyring dependencies
+      - run: sudo apt install libdbus-1-dev pkg-config
+
       - name: Cache Docker layers
         id: image-cache
         uses: actions/cache@v4
@@ -75,6 +78,8 @@ jobs:
       - uses: Swatinem/rust-cache@v2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
+      # For keyring dependencies
+      - run: sudo apt install libdbus-1-dev pkg-config
       - name: Install r0vm
         run: |
           wget https://github.com/risc0/risc0/releases/download/v1.3.0/cargo-risczero-x86_64-unknown-linux-gnu.tgz
@@ -103,6 +108,8 @@ jobs:
       - uses: Swatinem/rust-cache@v2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
+      # For keyring dependencies
+      - run: sudo apt install libdbus-1-dev pkg-config
       - name: Build model
         run: cargo build -p hyle-model --no-default-features
       - name: Build

.github/workflows/clippy.yml

@@ -16,6 +16,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+      # For keyring dependencies
+      - run: sudo apt install libdbus-1-dev pkg-config
       - uses: actions-rs/toolchain@v1
         with:
           toolchain: stable

Cargo.toml

@@ -133,6 +133,8 @@ utoipa = { version = "5.3.1", features = ["axum_extras"] }
 utoipa-swagger-ui = { version = "9.0.0", features = ["axum"] }
 utoipa-axum = { version = "0.2.0" }
 testcontainers-modules = { version = "0.11.6", features = ["postgres"] }
+keyring = { version = "3", features = ["apple-native", "windows-native", "sync-secret-service"] }
+whoami = "1.5.2"
 
 [dev-dependencies]
 amm = { path = "./crates/contracts/amm", features = ["client"] }

src/bin/hyle.rs

@@ -72,7 +72,7 @@ async fn main() -> Result<()> {
     let mut config = conf::Conf::new(args.config_file, args.data_directory, args.run_indexer)
         .context("reading config file")?;
 
-    let crypto = Arc::new(BlstCrypto::new(config.id.clone()).context("Could not create crypto")?);
+    let crypto = Arc::new(BlstCrypto::new(&config.id).context("Could not create crypto")?);
     let pubkey = Some(crypto.validator_pubkey().clone());
 
     setup_tracing(
@@ -88,6 +88,8 @@ async fn main() -> Result<()> {
         ),
     )?;
 
+    info!("Loaded key {:?} for validator", pubkey);
+
     let pg;
     if args.pg {
         if std::fs::metadata(&config.data_directory).is_ok() {

src/consensus.rs

@@ -1166,7 +1166,7 @@ pub mod test {
         }
 
         async fn new_node(name: &str) -> Self {
-            let crypto = crypto::BlstCrypto::new(name.into()).unwrap();
+            let crypto = crypto::BlstCrypto::new(name).unwrap();
             Self::new(name, crypto.clone()).await
         }
 

src/genesis.rs

@@ -545,7 +545,7 @@ mod tests {
         let shared_bus = SharedMessageBus::default();
         let bus = GenesisBusClient::new_from_bus(shared_bus.new_handle()).await;
         let test_bus = TestGenesisBusClient::new_from_bus(shared_bus.new_handle()).await;
-        let crypto = Arc::new(BlstCrypto::new(config.id.clone()).unwrap());
+        let crypto = Arc::new(BlstCrypto::new(&config.id).unwrap());
         (
             Genesis {
                 config: Arc::new(config),
@@ -705,7 +705,7 @@ mod tests {
             let (mut genesis, mut bus) = new(config.clone()).await;
             bus.send(PeerEvent::NewPeer {
                 name: "node-2".into(),
-                pubkey: BlstCrypto::new("node-2".into())
+                pubkey: BlstCrypto::new("node-2")
                     .unwrap()
                     .validator_pubkey()
                     .clone(),
@@ -714,7 +714,7 @@ mod tests {
             .expect("send");
             bus.send(PeerEvent::NewPeer {
                 name: "node-3".into(),
-                pubkey: BlstCrypto::new("node-3".into())
+                pubkey: BlstCrypto::new("node-3")
                     .unwrap()
                     .validator_pubkey()
                     .clone(),
@@ -723,7 +723,7 @@ mod tests {
             .expect("send");
             bus.send(PeerEvent::NewPeer {
                 name: "node-4".into(),
-                pubkey: BlstCrypto::new("node-4".into())
+                pubkey: BlstCrypto::new("node-4")
                     .unwrap()
                     .validator_pubkey()
                     .clone(),
@@ -739,7 +739,7 @@ mod tests {
             let (mut genesis, mut bus) = new(config).await;
             bus.send(PeerEvent::NewPeer {
                 name: "node-4".into(),
-                pubkey: BlstCrypto::new("node-4".into())
+                pubkey: BlstCrypto::new("node-4")
                     .unwrap()
                     .validator_pubkey()
                     .clone(),
@@ -748,7 +748,7 @@ mod tests {
             .expect("send");
             bus.send(PeerEvent::NewPeer {
                 name: "node-2".into(),
-                pubkey: BlstCrypto::new("node-2".into())
+                pubkey: BlstCrypto::new("node-2")
                     .unwrap()
                     .validator_pubkey()
                     .clone(),
@@ -757,7 +757,7 @@ mod tests {
             .expect("send");
             bus.send(PeerEvent::NewPeer {
                 name: "node-3".into(),
-                pubkey: BlstCrypto::new("node-3".into())
+                pubkey: BlstCrypto::new("node-3")
                     .unwrap()
                     .validator_pubkey()
                     .clone(),

src/mempool.rs

@@ -1239,7 +1239,7 @@ pub mod test {
         }
 
         pub async fn new(name: &str) -> Self {
-            let crypto = BlstCrypto::new(name.into()).unwrap();
+            let crypto = BlstCrypto::new(name).unwrap();
             let shared_bus = SharedMessageBus::new(BusMetrics::global("global".to_string()));
 
             let out_receiver = get_receiver::<OutboundMessage>(&shared_bus).await;
@@ -1626,10 +1626,10 @@ pub mod test {
 
         // Adding 4 other validators
         // Total voting_power = 500; f = 167 --> You need at least 2 signatures to send PoDAUpdate
-        let crypto2 = BlstCrypto::new("validator2".into()).unwrap();
-        let crypto3 = BlstCrypto::new("validator3".into()).unwrap();
-        let crypto4 = BlstCrypto::new("validator4".into()).unwrap();
-        let crypto5 = BlstCrypto::new("validator5".into()).unwrap();
+        let crypto2 = BlstCrypto::new("validator2").unwrap();
+        let crypto3 = BlstCrypto::new("validator3").unwrap();
+        let crypto4 = BlstCrypto::new("validator4").unwrap();
+        let crypto5 = BlstCrypto::new("validator5").unwrap();
         ctx.setup_node(&[pubkey, crypto2.clone(), crypto3.clone(), crypto4, crypto5]);
 
         let register_tx = make_register_contract_tx(ContractName::new("test1"));
@@ -1668,7 +1668,7 @@ pub mod test {
         ctx.setup_node(&[pubkey]);
 
         // Adding new validator
-        let temp_crypto = BlstCrypto::new("validator1".into()).unwrap();
+        let temp_crypto = BlstCrypto::new("validator1").unwrap();
         ctx.add_trusted_validator(temp_crypto.validator_pubkey());
 
         // Sending transaction to mempool as RestApiMessage
@@ -1764,7 +1764,7 @@ pub mod test {
         );
         let size = LaneBytesSize(data_proposal.estimate_size() as u64);
 
-        let temp_crypto = BlstCrypto::new("temp_crypto".into()).unwrap();
+        let temp_crypto = BlstCrypto::new("temp_crypto").unwrap();
         let signed_msg =
             temp_crypto.sign(MempoolNetMessage::DataVote(data_proposal.hashed(), size))?;
         assert!(ctx
@@ -1797,7 +1797,7 @@ pub mod test {
         ctx.make_data_proposal_with_pending_txs()?;
 
         // Add new validator
-        let crypto2 = BlstCrypto::new("2".into()).unwrap();
+        let crypto2 = BlstCrypto::new("2").unwrap();
         ctx.add_trusted_validator(crypto2.validator_pubkey());
 
         let signed_msg = crypto2.sign(MempoolNetMessage::DataVote(
@@ -1833,7 +1833,7 @@ pub mod test {
         ctx.make_data_proposal_with_pending_txs()?;
 
         // Add new validator
-        let crypto2 = BlstCrypto::new("2".into()).unwrap();
+        let crypto2 = BlstCrypto::new("2").unwrap();
         ctx.add_trusted_validator(crypto2.validator_pubkey());
 
         let signed_msg = crypto2.sign(MempoolNetMessage::DataVote(
@@ -1848,7 +1848,7 @@ pub mod test {
     #[test_log::test(tokio::test)]
     async fn test_sending_sync_request() -> Result<()> {
         let mut ctx = MempoolTestCtx::new("mempool").await;
-        let crypto2 = BlstCrypto::new("2".into()).unwrap();
+        let crypto2 = BlstCrypto::new("2").unwrap();
         let pubkey2 = crypto2.validator_pubkey();
 
         ctx.handle_consensus_event(ConsensusProposal {
@@ -1889,7 +1889,7 @@ pub mod test {
             ctx.last_validator_lane_entry(ctx.validator_pubkey());
 
         // Add new validator
-        let crypto2 = BlstCrypto::new("2".into()).unwrap();
+        let crypto2 = BlstCrypto::new("2").unwrap();
         ctx.add_trusted_validator(crypto2.validator_pubkey());
 
         let signed_msg = crypto2.sign(MempoolNetMessage::SyncRequest(
@@ -1935,8 +1935,8 @@ pub mod test {
         ) = ctx.last_validator_lane_entry(ctx.validator_pubkey());
 
         // Add new validator
-        let crypto2 = BlstCrypto::new("2".into()).unwrap();
-        let crypto3 = BlstCrypto::new("3".into()).unwrap();
+        let crypto2 = BlstCrypto::new("2").unwrap();
+        let crypto3 = BlstCrypto::new("3").unwrap();
 
         ctx.add_trusted_validator(crypto2.validator_pubkey());